Handling User Relationships with LDAP Authentication

I'm building a web application with LDAP authentication and I'm not sure how to handle DB user relationships (e.g. created, assigned, approvers, members).

So far I have come up with the following options:

  • the first time a user logs on to the system, check whether the record exists among the users. If not, do an LDAP search to get the name and email and create a user record. The same happens when a user is added to a list or selected as one (possibly saving the date of the last LDAP search and re-fetching the login details after x days).

  • create a user record using only the cn and look up the name and email on the fly

  • just store the cn instead of an FK and look up the name and email on the fly.

I am inclined to go with option 1, as it simplifies the ORM and reduces the number of search queries ... on the other hand, it seems slightly reworked.

Any alternatives or reasons why the above options should be avoided will be appreciated.

+4
1 answer

It probably depends on your use case.

  • Do you want to know about all users (even those who are not logged in yet)?
  • Do you need to store custom attributes for them?
  • Do you need to do relational queries based on custom attributes?

Just a few comparisons:

In fact, most of the applications I have seen use a modified option 1. This is because LDAP is usually only one of the supported authentication options, and in many cases you want to store additional data for each user and work with the record like any other user's record (speaking of relationships, memberships, ...). The important difference from your description:

  • Refresh a user record every time a user logs in.

Note that there is a fourth possibility: do not integrate with LDAP directly, but let an IdM system provision users into your application. However, this requires a working IdM to be present in your target environment.

+1
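As an added illustration of option 1 with the answer's change (refresh the local record on every login), here is example code that is not part of the question or the answer. It assumes SQLite as the application database, a constructed in-memory dictionary standing in for the LDAP search that would follow a successful bind, a hypothetical `users`/`requests` schema, and `entryUUID` as the stable key for the local row so that a renamed `cn` or changed `mail` updates the existing user instead of creating a second one. The same `ensure_user` function is used both at login and when a user is merely referenced (picked as an approver), so every foreign key points at an existing row.

```python
import sqlite3
from datetime import datetime, timezone

# Constructed stand-in for the LDAP directory (login -> attributes).
# A real application would run an LDAP search here; attribute names follow
# the inetOrgPerson schema, and entryUUID is the immutable identifier used as
# the local key, since cn and mail can change over a user's lifetime.
SAMPLE_DIRECTORY = {
    "jdoe": {"entryUUID": "00000000-0000-4000-8000-000000000001", "cn": "jdoe",
             "displayName": "Jane Doe", "mail": "jdoe@example.org"},
    "asmith": {"entryUUID": "00000000-0000-4000-8000-000000000002", "cn": "asmith",
               "displayName": "Alex Smith", "mail": "asmith@example.org"},
}

# Hypothetical schema: users mirrors the directory, requests holds the
# relationships the question asks about (creator and approver are FKs).
SCHEMA = """
CREATE TABLE users (
  id             INTEGER PRIMARY KEY,
  ldap_uuid      TEXT NOT NULL UNIQUE,
  cn             TEXT NOT NULL,
  display_name   TEXT NOT NULL,
  email          TEXT NOT NULL,
  last_ldap_sync TEXT NOT NULL
);
CREATE TABLE requests (
  id          INTEGER PRIMARY KEY,
  created_by  INTEGER NOT NULL REFERENCES users(id),
  approver_id INTEGER NOT NULL REFERENCES users(id)
);
"""


def open_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def ldap_lookup(directory, login):
    """Return the directory attributes for login, or None if no entry exists."""
    return directory.get(login)


def ensure_user(conn, directory, login, now=None):
    """Create the local user row on first sight, refresh it every later time.

    Called on every login and whenever a user is referenced (added to a
    list, chosen as approver). Returns the local user id.
    """
    attrs = ldap_lookup(directory, login)
    if attrs is None:
        raise LookupError(f"no directory entry for {login!r}")
    now = now or datetime.now(timezone.utc).isoformat()
    row = conn.execute("SELECT id FROM users WHERE ldap_uuid = ?",
                       (attrs["entryUUID"],)).fetchone()
    if row is None:
        cur = conn.execute(
            "INSERT INTO users (ldap_uuid, cn, display_name, email, last_ldap_sync)"
            " VALUES (?, ?, ?, ?, ?)",
            (attrs["entryUUID"], attrs["cn"], attrs["displayName"], attrs["mail"], now))
        return cur.lastrowid
    # Existing row: overwrite the cached attributes with what the directory says now.
    conn.execute(
        "UPDATE users SET cn = ?, display_name = ?, email = ?, last_ldap_sync = ?"
        " WHERE id = ?",
        (attrs["cn"], attrs["displayName"], attrs["mail"], now, row[0]))
    return row[0]


def get_user(conn, user_id):
    """Return the cached attributes of a local user as a dict, or None."""
    cols = ("cn", "display_name", "email", "last_ldap_sync")
    row = conn.execute(f"SELECT {', '.join(cols)} FROM users WHERE id = ?",
                       (user_id,)).fetchone()
    return None if row is None else dict(zip(cols, row))


def create_request(conn, directory, creator_login, approver_login):
    """Record a request; the approver need not have logged in yet."""
    creator_id = ensure_user(conn, directory, creator_login)
    approver_id = ensure_user(conn, directory, approver_login)
    cur = conn.execute("INSERT INTO requests (created_by, approver_id) VALUES (?, ?)",
                       (creator_id, approver_id))
    return cur.lastrowid


def request_parties(conn, request_id):
    """Creator display name and approver email, read from the local rows only."""
    return conn.execute(
        "SELECT c.display_name, a.email FROM requests r"
        " JOIN users c ON c.id = r.created_by"
        " JOIN users a ON a.id = r.approver_id WHERE r.id = ?",
        (request_id,)).fetchone()


if __name__ == "__main__":
    db = open_db()
    uid = ensure_user(db, SAMPLE_DIRECTORY, "jdoe")
    rid = create_request(db, SAMPLE_DIRECTORY, "jdoe", "asmith")
    print(get_user(db, uid), request_parties(db, rid))
```

Keying on `entryUUID` (or `objectGUID` in Active Directory) is what makes the refresh safe: a user whose `cn` or mailbox is renamed keeps the same local id, so relationship rows are never orphaned or silently re-pointed at a freshly created duplicate. The `last_ldap_sync` column gives you the "re-fetch after x days" variant from the question if you do not want a directory round trip on every request.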

Source: https://habr.com/ru/post/1487944/
